[HPN] Fw: Information Dispatch - W32/Trinoo
William Tinker
wtinker@fcgnetworks.net
Sat, 26 Feb 2000 15:32:01 -0500
This is a multi-part message in MIME format.
------=_NextPart_000_001C_01BF806E.A0608060
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
McAfee.com Dispatch - VIRUS ALERT
##NHHOMELESS##
+++++++++++++++GROUP FOR YOUR INFORMATION++++++++++++++++
A Bro.=20
Bill
----- Original Message -----=20
From: Rosalie Philibert=20
To: wtinker@fcgnetworks.net ; Vicki & Irene ; Terri Morrison ; =
tantenet@worldpath.net ; Samantha Fifield ; ryry12_@excite.com ; Rick =
Goodhue ; Phil Anderson ; Patrick Dunagan ; Norman ; Lili M Cote ; Leana =
Philibert ; Laurie Bruno ; jyfroggie@aol.com ; John P George ; Joyce =
Schmidt ; hrsldy@earthlink.net ; Heidi Doucett ; =
green_eyed_psycho@yahoo.com ; Gerry Gelinas ; Frank Claunch ; =
ewhitmore@deskmedia.com ; Emily LaPlante ; Doug Lamarre ; Donna Elridge =
; Darlene Beattie ; Daniel Burney ; bomarw ; bob x ; Beverly Wheeler ; =
Anna ; Robert Price=20
Sent: Saturday, February 26, 2000 2:05 PM
Subject: Fw: Information Dispatch - W32/Trinoo
----- Original Message -----=20
From: McAfee Dispatch=20
To: rosalie@worldpath.net=20
Sent: Thursday, February 24, 2000 9:57 PM
Subject: Information Dispatch - W32/Trinoo
=20
=20
=20
Information Dispatch - W32/Trinoo
Dear McAfee.com Dispatch Subscriber:=20
W32/Trinoo is a 32-bit Intel-based version of a Denial =
of Service (DDoS) attack program previously published as source code. =
AVERT has assigned it a LOW risk assessment. However, new infections are =
being reported, and AVERT is watching it closely.=20
W32/Trinoo arrives as an email trojan attachment. When =
run, it will install itself on the host system, and it will run as a =
service at the next Windows startup. It will then listen for commands on =
a pre-designated UDP port.=20
This trojan does not present a serious risk to =
individual users at this time, and no alert is being posted. However, =
AVERT and McAfee.com want to make our users aware that this trojan is =
out there, and that it is, in principle, capable of launching a Denial =
of Service attack from an infected machine.=20
McAfee.com=20
=20
--------------------------------------------------------------
Subscribe: If this message has been passed on to you =
by a friend and you would like to subscribe to the McAfee.com Dispatch, =
click here.=20
Unsubscribe: If you do not want receive the McAfee.com =
Dispatch in the future, click here.=20
Click here to view our permission marketing policy.=20
Trademarks 2000 McAfee.com Corporation / All Rights =
Reserved.=20
=20
=20
Virus Fixes =20
Find out more about this virus. Click here to go =
to the W32/Trinoo Help Center.=20
Become a McAfee Clinic subscriber and check your =
system online. To use VirusScan Online, click here. To upgrade =
ActiveShield, click here.=20
Purchase the latest copy of VirusScan, please =
click here.=20
Upgrade to the latest VirusScan. Purchase the =
VirusScan Maintenance Plan which entitles you to 12 months of upgrades, =
click here.=20
Download the latest DAT files, click here.=20
=20
Clinic Subscribers=20
=20
Click here to Tell A Friend about Clinic and =
Earn a Month FREE!=20
=20
=20
=20
=20
=20
=20
=20
=20
-------------------------------------------------------------------------=
-
=20
This message was sent by McAfee.com using Responsys Interact.
Click here to view our permission marketing policy. =20
=20
------=_NextPart_000_001C_01BF806E.A0608060
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>McAfee.com Dispatch - VIRUS ALERT</TITLE>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY aLink=3D#ff0000 bgColor=3D#ffffff link=3D#003399 text=3D#000000 =
vLink=3D#003399>
<DIV><FONT color=3D#ff0000 face=3DArial></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>##NHHOMELESS##</FONT></DIV>
<DIV><FONT color=3D#ff0000 face=3DArial>+++++++++++++++GROUP FOR YOUR=20
INFORMATION++++++++++++++++</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>A Bro. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV style=3D"FONT: 10pt arial">----- Original Message -----=20
<DIV style=3D"BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A=20
href=3D"mailto:rosalie@worldpath.net" =
title=3Drosalie@worldpath.net>Rosalie=20
Philibert</A> </DIV>
<DIV><B>To:</B> <A href=3D"mailto:wtinker@fcgnetworks.net"=20
title=3Dwtinker@fcgnetworks.net>wtinker@fcgnetworks.net</A> ; <A=20
href=3D"mailto:kengra@worldpath.net" title=3Dkengra@worldpath.net>Vicki =
&=20
Irene</A> ; <A href=3D"mailto:morristl@wattsind.com"=20
title=3Dmorristl@wattsind.com>Terri Morrison</A> ; <A=20
href=3D"mailto:tantenet@worldpath.net"=20
title=3Dtantenet@worldpath.net>tantenet@worldpath.net</A> ; <A=20
href=3D"mailto:samantha_fifield@umit.maine.edu"=20
title=3Dsamantha_fifield@umit.maine.edu>Samantha Fifield</A> ; <A=20
href=3D"mailto:ryry12_@excite.com" =
title=3Dryry12_@excite.com>ryry12_@excite.com</A>=20
; <A href=3D"mailto:goodhurl@wattsind.com" =
title=3Dgoodhurl@wattsind.com>Rick=20
Goodhue</A> ; <A href=3D"mailto:panderson05@mediaone.net"=20
title=3Dpanderson05@mediaone.net>Phil Anderson</A> ; <A=20
href=3D"mailto:DUNAGAPE@wattsind.com" =
title=3DDUNAGAPE@wattsind.com>Patrick=20
Dunagan</A> ; <A href=3D"mailto:crazynorm@fcgnetworks.net"=20
title=3Dcrazynorm@fcgnetworks.net>Norman</A> ; <A =
href=3D"mailto:lili@worldpath.net"=20
title=3Dlili@worldpath.net>Lili M Cote</A> ; <A =
href=3D"mailto:poseyl@umich.edu"=20
title=3Dposeyl@umich.edu>Leana Philibert</A> ; <A=20
href=3D"mailto:tingted@fcgnetworks.net" =
title=3Dtingted@fcgnetworks.net>Laurie=20
Bruno</A> ; <A href=3D"mailto:jyfroggie@aol.com"=20
title=3Djyfroggie@aol.com>jyfroggie@aol.com</A> ; <A=20
href=3D"mailto:porgie@worldpath.net" title=3Dporgie@worldpath.net>John P =
George</A>=20
; <A href=3D"mailto:polar@worldpath.net" =
title=3Dpolar@worldpath.net>Joyce=20
Schmidt</A> ; <A href=3D"mailto:hrsldy@earthlink.net"=20
title=3Dhrsldy@earthlink.net>hrsldy@earthlink.net</A> ; <A=20
href=3D"mailto:zachary@together.net" title=3Dzachary@together.net>Heidi =
Doucett</A>=20
; <A href=3D"mailto:green_eyed_psycho@yahoo.com"=20
title=3Dgreen_eyed_psycho@yahoo.com>green_eyed_psycho@yahoo.com</A> ; <A =
href=3D"mailto:ggelinas@earthlink.net" =
title=3Dggelinas@earthlink.net>Gerry=20
Gelinas</A> ; <A href=3D"mailto:CLAUNCFD@kfvalves.com"=20
title=3DCLAUNCFD@kfvalves.com>Frank Claunch</A> ; <A=20
href=3D"mailto:ewhitmore@deskmedia.com"=20
title=3Dewhitmore@deskmedia.com>ewhitmore@deskmedia.com</A> ; <A=20
href=3D"mailto:campldy@worldpath.net" =
title=3Dcampldy@worldpath.net>Emily=20
LaPlante</A> ; <A href=3D"mailto:charley@ttlc.net" =
title=3Dcharley@ttlc.net>Doug=20
Lamarre</A> ; <A href=3D"mailto:lassmeadow@aol.com" =
title=3Dlassmeadow@aol.com>Donna=20
Elridge</A> ; <A href=3D"mailto:beattidm@wattsind.com"=20
title=3Dbeattidm@wattsind.com>Darlene Beattie</A> ; <A=20
href=3D"mailto:burneydh@wattsind.com" =
title=3Dburneydh@wattsind.com>Daniel=20
Burney</A> ; <A href=3D"mailto:bomarw@gateway.net"=20
title=3Dbomarw@gateway.net>bomarw</A> ; <A =
href=3D"mailto:nvcrky@hotmail.com"=20
title=3Dnvcrky@hotmail.com>bob x</A> ; <A =
href=3D"mailto:beverly@worldpath.net"=20
title=3Dbeverly@worldpath.net>Beverly Wheeler</A> ; <A=20
href=3D"mailto:WAmw55@aol.com" title=3DWAmw55@aol.com>Anna</A> ; <A=20
href=3D"mailto:rnsprice@worldpath.net" =
title=3Drnsprice@worldpath.net>Robert=20
Price</A> </DIV>
<DIV><B>Sent:</B> Saturday, February 26, 2000 2:05 PM</DIV>
<DIV><B>Subject:</B> Fw: Information Dispatch - W32/Trinoo</DIV></DIV>
<DIV><BR></DIV>
<DIV> </DIV>
<DIV style=3D"FONT: 10pt arial">----- Original Message -----=20
<DIV style=3D"BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A=20
href=3D"mailto:dispatch@mcafee.com" title=3Ddispatch@mcafee.com>McAfee =
Dispatch</A>=20
</DIV>
<DIV><B>To:</B> <A href=3D"mailto:rosalie@worldpath.net"=20
title=3Drosalie@worldpath.net>rosalie@worldpath.net</A> </DIV>
<DIV><B>Sent:</B> Thursday, February 24, 2000 9:57 PM</DIV>
<DIV><B>Subject:</B> Information Dispatch - W32/Trinoo</DIV></DIV>
<DIV><BR></DIV>
<TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D540>
<TBODY>
<TR align=3Dleft bgColor=3D#003399 vAlign=3Dtop>
<TD height=3D30 width=3D500><A href=3D"http://www.mcafee.com"><IMG =
border=3D0=20
height=3D30=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/logo_mcafee-dot-com.gif"=20
width=3D122></A></TD></TR>
<TR>
<TD><A href=3D"http://dispatch.mcafee.com"><IMG border=3D0 =
height=3D26=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/disp_hd.gif"=20
width=3D540></A></TD></TR>
<TR>
<TD>
<TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D540>
<TBODY>
<TR>
<TD align=3Dleft vAlign=3Dtop width=3D390>
<TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 =
width=3D390>
<TBODY>
<TR>
<TD width=3D375></TD>
<TD width=3D15></TD></TR>
<TR>
<TD width=3D375><BR>
<P align=3Dcenter><FONT=20
face=3D"Verdana, Arial, Helvetica, sans-serif" =
size=3D2><B><FONT=20
color=3D#003399>Information Dispatch -</FONT>=20
W32/Trinoo</B></FONT></P>
<P><FONT face=3D"Verdana, Arial, Helvetica, =
sans-serif"=20
size=3D2><B>Dear McAfee.com Dispatch Subscriber:</B>=20
<P><B>W32/Trinoo</B> is a 32-bit Intel-based version =
of a=20
Denial of Service (DDoS) attack program previously =
published=20
as source code. AVERT has assigned it a <B>LOW</B> =
risk=20
assessment. However, new infections are being =
reported, and=20
AVERT is watching it closely.=20
<P>W32/Trinoo arrives as an <B>email trojan =
attachment</B>.=20
When run, it will install itself on the host system, =
and it=20
will run as a service at the next Windows startup. It =
will=20
then listen for commands on a pre-designated UDP port. =
<P>This trojan <B>does not</B> present a serious risk =
to=20
individual users at this time, and no alert is being =
posted.=20
However, AVERT and McAfee.com want to make our users =
aware=20
that this trojan is out there, and that it is, in =
principle,=20
capable of launching a Denial of Service attack from =
an=20
infected machine.=20
<P></FONT>
<TABLE border=3D0 cellPadding=3D5 width=3D"100%">
<TBODY>
<TR align=3Dright bgColor=3D#ffcccc>
<TD><FONT face=3D"Verdana, Arial, Helvetica, =
sans-serif"=20
size=3D2><B><FONT =
color=3D#ff0000>McAfee</FONT><FONT=20
=
color=3D#003399>.com</FONT></B></FONT></TD></TR></TBODY></TABLE></P></TD>=
<TD width=3D15></TD></TR>
<TR>
<TD align=3Dmiddle vAlign=3Dtop width=3D375><BR>
<HR color=3D#ff0000 SIZE=3D1 width=3D"100%">
<P><FONT face=3D"Verdana, Arial, Helvetica, Geneva"=20
size=3D1><B>Subscribe:</B> If this message has been =
passed on to=20
you by a friend and you would like to subscribe to the =
McAfee.com Dispatch, <A=20
=
href=3D"http://dispatch.mcafee.com/sub.asp?s=3D22">click here</A>.=20
</FONT>
<P><FONT face=3D"Verdana, Arial, Helvetica, Geneva"=20
size=3D1><B>Unsubscribe:</B> If you do not want =
receive the=20
McAfee.com Dispatch in the future, <A=20
href=3D"http://dispatch.mcafee.com/unsub.asp">click =
here</A>.=20
</FONT><!--
<p><font face=3D"Verdana, Arial, Helvetica, Geneva" size=3D"1">
This Virus Alert has been issued by the Network Associates=20
Anti-Virus Emergency Response Team (AVERT).=20
</font>
-->
<P><FONT face=3D"Verdana, Arial, Helvetica, Geneva" =
size=3D1><A=20
=
href=3D"http://dispatch.mcafee.com/permission_policy.asp">Click=20
here</A> to view our permission marketing policy. =
</FONT>
<P><FONT face=3D"Verdana, Arial, Helvetica, Geneva"=20
size=3D1>Trademarks 2000 McAfee.com Corporation / All =
Rights=20
Reserved. </FONT></P></TD>
<TD width=3D15></TD></TR></TBODY></TABLE></TD>
<TD align=3Dmiddle bgColor=3D#cccccc vAlign=3Dtop width=3D150>
<TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 =
width=3D"100%">
<TBODY>
<TR>
<TD height=3D8></TD></TR>
<TR align=3Dmiddle>
<TD>
<TABLE border=3D0 cellPadding=3D2 cellSpacing=3D0 =
width=3D146=20
noshade=3D"YES">
<TBODY>
<TR bgColor=3D#ff0000>
<TD align=3Dmiddle vAlign=3Dtop width=3D150><FONT=20
color=3D#ffffff face=3D"Verdana, Arial, =
Helvetica, Geneva"=20
size=3D2><B>Virus Fixes</B></FONT> </TD></TR>
<TR bgColor=3D#ffffff>
<TD><FONT face=3D"Verdana, Arial, Helvetica, =
Geneva"=20
size=3D1>
<P><BR><IMG align=3Dleft border=3D0 height=3D24 =
hspace=3D2=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/icon_antivirus.gif"=20
vspace=3D2 width=3D24><B>Find out more</B> about =
this virus.=20
<A =
href=3D"http://www.mcafee.com/viruses/trinoo">Click=20
here</A> to go to the W32/Trinoo Help Center.=20
<P><IMG align=3Dleft border=3D0 height=3D24 =
hspace=3D2=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/icon_pccheckup.gif"=20
vspace=3D2 width=3D24>Become a <B>McAfee =
Clinic</B>=20
subscriber and check your system online. To use=20
<B>VirusScan Online</B>, <A=20
=
href=3D"http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3D1214">cli=
ck=20
here</A>. To upgrade <B>ActiveShield</B>, <A=20
=
href=3D"http://clinic.mcafee.com/clinic/virusscan/activeshield/start.asp"=
>click=20
here</A>.=20
<P><IMG align=3Dleft border=3D0 height=3D42 =
hspace=3D2=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/virusscan_fi_boxshot.gif"=20
vspace=3D2 width=3D35><B>Purchase</B> the latest =
copy of=20
VirusScan, please <A=20
=
href=3D"http://store.mcafee.com/category.asp?CatID=3D3&CategoryLevel=3D=
1&rfr=3DVSCALRT">click=20
here</A>.=20
<P><IMG align=3Dleft border=3D0 height=3D24 =
hspace=3D2=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/icon_shopping.gif"=20
vspace=3D2 width=3D24><B>Upgrade</B> to the =
latest=20
VirusScan. Purchase the VirusScan Maintenance =
Plan which=20
entitles you to 12 months of upgrades, <A=20
=
href=3D"http://store.mcafee.com/category.asp?CatID=3D18&CategoryLevel=
=3D1&rfr=3DVRSPLN">click=20
here</A>.=20
<P><IMG align=3Dleft border=3D0 height=3D24 =
hspace=3D2=20
=
src=3D"http://directresponse.mcafee.com/responsysimages/gmoore/trinoo/tri=
noo_html/icon_download.gif"=20
vspace=3D2 width=3D24><B>Download</B> the latest =
DAT files,=20
<A=20
=
href=3D"http://download.mcafee.com/updates/updates.asp">click=20
here</A>. <BR></FONT></P></TD></TR>
<TR align=3Dmiddle bgColor=3D#ffcc00>
<TD><FONT color=3D#003399=20
face=3D"Verdana, Arial, Helvetica, Geneva"=20
size=3D2><B>Clinic =
Subscribers</B></FONT></TD></TR>
<TR>
<TD bgColor=3D#ffffff><FONT=20
face=3D"Verdana, Arial, Helvetica, sans-serif"=20
size=3D1> <BR><A=20
=
href=3D"http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3D1215">Cli=
ck=20
here</A> to <B>Tell A Friend</B> about Clinic =
and=20
<B>Earn a Month FREE!</B> <BR> =20
</FONT></TD></TR></TBODY></TABLE></TD></TR>
<TR>
<TD height=3D2></TD></TR>
<TR align=3Dmiddle>
<TD></TD></TR>
<TR>
=
<TD></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY=
></TABLE><BR> <BR>
<TABLE border=3D0 cellPadding=3D2 cellSpacing=3D0 width=3D"100%">
<TBODY>
<TR>
<TD colSpan=3D2 height=3D3>
<HR color=3D#ff0000 noShade SIZE=3D1>
</TD></TR>
<TR>
<TD align=3Dleft vAlign=3Dtop><IMG height=3D25=20
=
src=3D"http://images.rsvp0.net/responsysimages/responsys_powered_25.gif" =
width=3D135> </TD>
<TD align=3Dright vAlign=3Dtop><FONT face=3D"Arial, Helvetica, =
sans-serif"=20
size=3D1>This message was sent by McAfee.com using Responsys =
Interact.<BR><A=20
href=3D"http://www.rsvp0.net" target=3D_blank>Click here</A> to =
view our=20
permission marketing policy. =
</FONT></TD></TR></TBODY></TABLE><BR><IMG border=3D0=20
height=3D3=20
src=3D"http://directresponse.mcafee.com/servlet/footer/dot?nthhkLDUTVEkhl=
HspLFPhksKiHmoDgLmEa"=20
width=3D3> </BODY></HTML>
------=_NextPart_000_001C_01BF806E.A0608060--